Anyone who paid for items via chip-enabled cards is likely safe, the company said.

"All Buckle stores had EMV (chip card) technology enabled during the time that the incident occurred," Buckle revealed on Friday. "We believe the exposure of cardholder data that can be used to create counterfeit cards is limited. However, it is possible that certain credit card numbers may have been compromised."

Payment card expiration dates and account holder names may have also fallen into the hands of hackers.

However, Buckle assured shoppers that no email addresses, physical mailing addresses or social security numbers were compromised. There's also "no evidence" that people who made purchases on buckle.com were affected by the breach.

"We take the protection of payment card data very seriously," the company said. "We are cooperating fully with card brands and forensic investigation services. Any affected individuals either have or will likely receive communications from their issuing banks with additional instructions and/or replacement cards."

Criminal data breaches are a growing problem. It's estimated they'll cost businesses a total of $8 trillion over the next five years, according to a global report from U.K-based market intelligence firm Juniper Research.

The phenomenon is both devastating and costly for companies - in 2015, research revealed that more than $315 billion had been lost by enterprises around the world during the past year.